Re: [exim] TLS fatal alert for connections from web.de

Author: Viktor Dukhovni
Date:
To: exim-users
Subject: Re: [exim] TLS fatal alert for connections from web.de
The web.de TLS implementation seems to have multiple problems.

    http://archives.neohapsis.com/archives/postfix/2013-08/thread.html#291


here they were sending internal error alerts when the Postfix server
had both an RSA and an ECDSA certificate. Their SMTP client
selected ECDSA and then failed. When the ECDSA certificate was dropped
from the configuration, TLS reputedly worked.

    - web.de/gmx.de have a borked TLS stack


    - The Postfix server in the above thread supports EECDH as well
      as (prime) EDH.  So it is possible that web.de's TLS stack is
      allergic to 1024-bit DH primes, but not to EECDH (ephemeral
      elliptic curve Diffie-Hellman key exchange).


In any case, there is evidence that web.de has multiple interop
problems; I think this is their problem to fix.

-- 
    Viktor.